a lot of fixes, implementing abstract product api endpoints

2024-10-26 20:18:14 +03:00
parent e78f20d44e
commit a27ce5762c
11 changed files with 112 additions and 34 deletions


@@ -2,26 +2,37 @@ import log from '../utils/log.js'
import jwt from 'jsonwebtoken';
import config from '../../config.json' with {type: "json"};
import GroupService from '../services/group.js';
import UserService from '../services/user.js';
const TAG = "/middlewares/auth.js"
const requireUsernameAndPassword = async (req, res, next) => {
const requireUsername = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const {username, password} = req.body;
const {username} = req.body;
if (!username) return res.status(400).send("Username is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsername: ${e}`)); }
}
const requirePassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const {password} = req.body;
if (!password) return res.status(400).send("Password is required");
next();
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requireUsernameAndPassword: ${e}`)); }
} catch (e) { return res.status(500).send(unknownError(`${TAG}/requirePassword: ${e}`)); }
}
const authenticate = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
if (!req.headers.authorization) return res.status(403).send("No authorization header supplied");
const token = req.headers.authorization.split(' ')[1]
if (!token) return res.status(401).send("No authorization token supplied");
if (!token) return res.status(403).send("No authorization token supplied");
if (!jwt.verify(token, config.secret)) return res.status(403).send("Authorization token is incorrect");
next();
@@ -33,13 +44,12 @@ const authorizeGroupOwner = async (req, res, next) => {
try {
const token = req.headers.authorization.split(' ')[1]
if (!token) return res.status(401).send("No authorization token supplied");
const { id } = req.params;
const { groupId } = req.params;
let user = jwt.decode(token, config.secret)
let adminId = await GroupService.getAdminId(id);
let adminId = await GroupService.getAdminId(groupId);
if (user.login.id != adminId) return res.status(403).send("Not your group");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/authorizeGroupOwner: ${e}`)); }
@@ -49,10 +59,10 @@ const checkGroupPassword = async (req, res, next) => {
if (req.method == "OPTIONS") next();
try {
const { id } = req.params;
const { groupId } = req.params;
const { password } = req.body;
const groupPassword = await GroupService.getPassword(id);
const groupPassword = await GroupService.getPassword(groupId);
if (groupPassword != password) return res.status(403).send("Wrong password");
next();
@@ -60,4 +70,15 @@ const checkGroupPassword = async (req, res, next) => {
} catch (e) {return res.status(500).send(log.unknownError(`${TAG}/checkGroupPassword: ${e}`));}
}
export default { requireUsernameAndPassword, authenticate, authorizeGroupOwner, checkGroupPassword }
const userIsInGroup = async (req, res, next) => {
if (req.method == "OPTIONS") next();
const groupId = req.body.groupId || req.params.groupId;
const token = req.headers.authorization.split(' ')[1]
let user = jwt.decode(token, config.secret)
if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
next();
}
export default { requireUsername, requirePassword, authenticate, authorizeGroupOwner, checkGroupPassword, userIsInGroup }
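Review bot: `userIsInGroup` takes the group from `req.body.groupId || req.params.groupId`, so a body field overrides the route parameter, while `groupExists` in the validation middleware uses the opposite order; if the handler behind it acts on `req.params.groupId`, membership is checked for a different group than the one being accessed. Use one precedence everywhere (route parameter first) or reject requests where the two differ. The function also has no `try`/`catch`, unlike its siblings, so a missing `Authorization` header or a rejected `UserService.isInGroup` call is not turned into a response, and it trusts `jwt.decode`, which does not check the signature and is only safe if `authenticate` always runs first. The `OPTIONS` shortcut here and in `requireUsername`/`requirePassword` lacks a `return`, so the checks still run after `next()`. A possible rewrite of the function:

```javascript
const userIsInGroup = async (req, res, next) => {
    if (req.method == "OPTIONS") return next();
    try {
        // Route parameter wins, matching groupExists, so a body field cannot redirect the membership check.
        const groupId = req.params.groupId || req.body.groupId;
        const token = req.headers.authorization?.split(' ')[1];
        if (!token) return res.status(403).send("No authorization token supplied");
        let user;
        // Verify the signature here instead of relying on middleware order.
        try { user = jwt.verify(token, config.secret); }
        catch { return res.status(403).send("Authorization token is incorrect"); }
        if (!await UserService.isInGroup(user.login.id, groupId)) return res.status(403).send("You are not a member of this group");
        next();
    } catch (e) { return res.status(500).send(log.unknownError(`${TAG}/userIsInGroup: ${e}`)); }
}
```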


@@ -27,10 +27,9 @@ const usernameDoesntExist = async (req, res, next) => {
const groupExists = async (req, res, next) => {
try {
let groupId = req.params.groupId || req.body.groupId;
const { id } = req.params;
let group = await GroupService.getById(id);
let group = await GroupService.getById(groupId);
if (!group || group == statuses.not_found) return res.status(404).send("Group not found");
next();
@@ -39,13 +38,23 @@ const groupExists = async (req, res, next) => {
const groupDoesntExist = async (req, res, next) => {
try {
let groupId = req.params.groupId || req.body.groupId;
const { id } = req.params;
let group = await GroupService.getById(id);
let group = await GroupService.getById(groupId);
if (group || group != statuses.not_found) return res.status(400).send("Such group already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupDoesntExist: ${e}`)) }
}
export default { usernameExists, usernameDoesntExist, groupExists, groupDoesntExist }
const groupNameDoesntExist = async (req, res, next) => {
try {
const { groupName } = req.params;
let group = await GroupService.getByName(groupName);
if (group) return res.status(400).send("Such group name already exists");
next();
} catch (e) { return res.status(500).send(log.unknownError(`${TAG}/groupNameDoesntExist: ${e}`)) }
}
export default { usernameExists, usernameDoesntExist, groupExists, groupDoesntExist, groupNameDoesntExist }
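Review bot: The guard in `groupDoesntExist`, `if (group || group != statuses.not_found)`, also fires for a missing group: a null result fails the first test but passes the second (unless `statuses.not_found` is itself nullish, which is not visible here), so the middleware would answer 400 for ids that are free. It should read `if (group && group != statuses.not_found)`. The new `groupNameDoesntExist` tests only `if (group)`; if `GroupService.getByName` can return `statuses.not_found` the way the `getById` checks imply, it needs the same comparison. It also reads `groupName` from `req.params` only, whereas the id checks now fall back to `req.body`, which is worth confirming against the route that uses it.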